10785638

Method and Apparatus for Using Mobile Subscriber Identification Information for Multiple Device Profiles for a Device

Published September 22, 2020
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
20 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A device, comprising: a processing system including a processor; and a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations, comprising: receiving a registration request associated with a communication device, wherein the registration request includes a device authentication response; comparing the device authentication response to a plurality of generated authentication responses; identifying that the device authentication response matches a first generated authentication response, wherein the first generated authentication response is one of the plurality of generated authentication responses; identifying a first device profile associated with the first generated authentication response; and notifying a server to provide services to the communication device according to the first device profile.

Plain English Translation

This invention relates to a device authentication and service provisioning system. The problem addressed is the need for secure and efficient registration and authentication of communication devices to ensure proper service delivery based on device-specific profiles. The device includes a processing system with a processor and memory storing executable instructions. When executed, the instructions perform operations including receiving a registration request from a communication device, which includes a device authentication response. The system compares this response against a plurality of pre-generated authentication responses. If a match is found with one of these responses, the system identifies the corresponding device profile associated with that response. The system then notifies a server to provide services to the communication device according to the identified profile. The authentication process ensures that only authorized devices are granted access, while the profile-based service provisioning allows for customized service delivery tailored to the specific device. This approach enhances security and operational efficiency by automating the authentication and service assignment process. The system dynamically links device authentication to predefined profiles, enabling seamless and secure service activation.

Claim 2

Original Legal Text

2. The device of claim 1, wherein the operations comprise receiving an international mobile subscriber identity (IMSI) and a generated authentication response for each of a plurality of secret keys resulting in the plurality of generated authentication responses.

Plain English Translation

The invention relates to a device for handling mobile subscriber authentication in a telecommunications network. The problem addressed is the need to securely authenticate mobile subscribers using multiple secret keys to enhance security and prevent unauthorized access. The device receives an International Mobile Subscriber Identity (IMSI) and generates authentication responses for each of a plurality of secret keys. This results in multiple generated authentication responses, which can be used to verify the subscriber's identity and ensure secure communication. The device processes these responses to authenticate the subscriber, improving the reliability and security of the authentication process. The use of multiple secret keys and corresponding authentication responses helps mitigate risks associated with single-key authentication systems, such as key compromise or replay attacks. The invention is particularly useful in mobile networks where secure and efficient authentication is critical for protecting user data and network integrity.

Claim 3

Original Legal Text

3. The device of claim 2, wherein the receiving of the IMSI and the plurality of generated authentication responses comprises receiving of the IMSI and the plurality of generated authentication responses from a registration function.

Plain English Translation

The invention relates to a device for handling authentication in a mobile communication system, specifically addressing the challenge of securely managing subscriber identity and authentication data. The device is designed to receive an International Mobile Subscriber Identity (IMSI) and multiple generated authentication responses from a registration function. The registration function is responsible for registering a subscriber with the network and generating authentication vectors, which include keys and parameters used to authenticate the subscriber. The device processes these authentication vectors to facilitate secure communication between the subscriber and the network. The invention ensures that authentication data is securely transmitted and managed, reducing the risk of interception or tampering. The device may also include a storage module to store the received IMSI and authentication responses, allowing for efficient retrieval and use during subsequent authentication processes. This approach enhances the security and reliability of subscriber authentication in mobile networks.

Claim 4

Original Legal Text

4. The device of claim 2, wherein the receiving of the IMSI and a plurality of secret keys comprises receiving of the IMSI and the plurality of secret keys from an identity provisioning function.

Plain English Translation

This invention relates to a device for securely managing subscriber identity information in a telecommunications network, particularly addressing the challenge of securely provisioning and storing International Mobile Subscriber Identity (IMSI) and associated secret keys. The device receives the IMSI and multiple secret keys from an identity provisioning function, which acts as a centralized authority for securely distributing identity credentials. The device stores these credentials in a secure manner, ensuring they are protected from unauthorized access. The secure storage mechanism may involve hardware-based security modules or encrypted storage solutions to prevent tampering or leakage. The device may also include functionality to authenticate the identity provisioning function before accepting the credentials, ensuring that only trusted sources can provision the IMSI and secret keys. This approach enhances security by centralizing credential management and reducing the risk of exposure through decentralized storage. The device may further support periodic rekeying or credential updates to maintain security over time. The overall system improves the security of subscriber identity management in mobile networks by ensuring that sensitive credentials are securely provisioned, stored, and managed.

Claim 5

Original Legal Text

5. The device of claim 1, wherein the operations comprise associating each of the plurality of generated authentication responses with each of a plurality of device profiles.

Plain English Translation

A system for managing authentication responses in a networked environment addresses the challenge of securely verifying device identities while maintaining flexibility across different device types and configurations. The system generates multiple authentication responses based on received authentication requests, each response tailored to specific security protocols or device requirements. These responses are then linked to corresponding device profiles, which store unique attributes, authentication histories, and security policies for each device. By associating responses with profiles, the system ensures that authentication is both device-specific and adaptable to varying security contexts. This approach enhances security by preventing unauthorized access while allowing seamless integration with diverse devices, such as IoT sensors, mobile devices, or enterprise systems. The system dynamically updates profiles based on authentication outcomes, improving future verification processes. This method reduces the risk of credential reuse and strengthens overall network security by maintaining a granular record of device interactions. The solution is particularly useful in environments where multiple devices require secure, individualized authentication without compromising performance or usability.

Claim 6

Original Legal Text

6. The device of claim 1, wherein the notifying of the server comprises notifying an identity provisioning function of the first device profile, wherein the server obtains an indication of the first device profile from the identity provisioning function.

Plain English Translation

This invention relates to a system for managing device profiles in a networked environment, particularly where a server needs to obtain and verify device profiles from a first device. The problem addressed is ensuring secure and efficient communication of device profiles between devices and servers, especially in scenarios where identity verification is required. The system includes a first device configured to notify a server about its device profile. The notification process involves sending the device profile to an identity provisioning function, which acts as an intermediary to verify and relay the profile to the server. The server then obtains the device profile from the identity provisioning function, ensuring that the profile is authenticated and properly managed. This approach enhances security by preventing direct exposure of the device profile to unauthorized entities and streamlines the verification process. The identity provisioning function serves as a trusted intermediary, handling the authentication and distribution of device profiles. This function may include mechanisms to validate the profile's integrity and ensure it meets predefined security standards before forwarding it to the server. The server, upon receiving the profile, can use it for authentication, authorization, or other identity-related operations. This method improves the reliability and security of device profile management in networked systems, particularly in environments where multiple devices interact with centralized servers. The use of an identity provisioning function ensures that device profiles are securely transmitted and verified, reducing the risk of unauthorized access or tampering.

Claim 7

Original Legal Text

7. The device of claim 6, wherein the operations further comprise receiving a first unique identifier from the communication device, wherein the first unique identifier is associated with the first device profile, and wherein the notifying of the identity provisioning function of the first device profile comprises sending the first unique identifier to the identity provisioning function, wherein the identity provisioning function associates each of a plurality of device profiles with each of a plurality of unique identifiers, and wherein the identity provisioning function identifies the first device profile according to the first unique identifier.

Plain English Translation

A system for managing device profiles in a communication network addresses the challenge of securely and efficiently associating and retrieving device-specific configurations. The system includes a communication device that interacts with an identity provisioning function to manage device profiles, which store configuration settings, authentication credentials, or operational parameters for different devices. The communication device receives a first unique identifier linked to a first device profile and sends this identifier to the identity provisioning function. The identity provisioning function maintains a mapping between multiple device profiles and their corresponding unique identifiers, allowing it to retrieve the correct profile based on the received identifier. This ensures that the communication device can dynamically access the appropriate configuration without manual intervention, improving scalability and security in networked environments. The system may also include a profile management function that generates, updates, or deletes device profiles, ensuring that the identity provisioning function always has the latest configurations available. This approach streamlines device provisioning and reduces errors in profile assignment, particularly in large-scale deployments where manual management is impractical.

Claim 8

Original Legal Text

8. The device of claim 1, wherein the first device profile is one of a group of device profiles for the communication device, and wherein the group of device profiles indicate different users.

Plain English Translation

A communication device includes multiple device profiles, each associated with a different user. The device profiles allow the communication device to adapt its settings, configurations, and functionalities based on the active user. This enables personalized experiences, such as customized interfaces, preferred applications, or specific communication preferences, while maintaining a single physical device. The system may automatically switch between profiles based on user detection, manual selection, or other triggers. This approach addresses the need for shared devices to provide individualized experiences without requiring separate hardware for each user. The profiles may include user-specific preferences, security settings, or application states, ensuring seamless transitions between users while maintaining privacy and efficiency. The device may also synchronize profile data across multiple devices or cloud services for consistency. This solution is particularly useful in shared environments like households, offices, or public kiosks where multiple users interact with the same device.

Claim 9

Original Legal Text

9. A method, comprising: obtaining, by a processing system including a processor, a registration request from a communication device, wherein the registration request includes a first unique identifier of a plurality of the unique identifiers; steering, by the processing system, the registration request to a first registration function of a plurality of registration functions according to the first unique identifier; and providing, by the processing system, the first unique identifier to an identity provisioning function, wherein the identity provisioning function identifies a first device profile according to the first unique identifier, and wherein the identity provisioning function sends a notification to a server that the communication device has enabled the first device profile.

Plain English Translation

This invention relates to a system for managing device registration and identity provisioning in a communication network. The problem addressed is the efficient routing of registration requests from communication devices to appropriate registration functions based on unique identifiers, while also enabling dynamic identity provisioning and notification to servers. The method involves a processing system that receives a registration request from a communication device, where the request includes a unique identifier. The processing system routes the request to a specific registration function from a pool of available functions, determined by the unique identifier. The unique identifier is then provided to an identity provisioning function, which retrieves a corresponding device profile associated with the identifier. The identity provisioning function notifies a server that the communication device has activated the identified profile, enabling the server to update its records or configure services accordingly. This approach ensures that registration requests are processed by the correct function and that device identities are dynamically managed, improving scalability and flexibility in network operations. The system supports multiple unique identifiers and device profiles, allowing for diverse device configurations and seamless integration with existing network infrastructure.

Claim 10

Original Legal Text

10. The method of claim 9, comprising receiving, by the processing system, an international mobile subscriber identity (IMSI) and a plurality of unique identifiers from the identity provisioning function, wherein each of the plurality of unique identifiers are associated with a registration function resulting in the plurality of registration functions, wherein the processing system operates as an identity proxy function.

Plain English Translation

This invention relates to a system for managing mobile network identities, specifically addressing the challenge of securely provisioning and managing multiple unique identifiers for network registration functions. The method involves a processing system acting as an identity proxy function, which receives an International Mobile Subscriber Identity (IMSI) and a set of unique identifiers from an identity provisioning function. Each unique identifier is linked to a distinct registration function, resulting in multiple registration functions being established. The identity proxy function facilitates secure communication between the IMSI and these registration functions, ensuring proper authentication and authorization within the network. This approach enhances flexibility and security in mobile network identity management by decoupling the IMSI from direct exposure to registration functions, reducing the risk of identity-related vulnerabilities. The system is particularly useful in environments requiring dynamic or multi-registration scenarios, such as 5G networks or IoT deployments, where multiple identities may need to be managed simultaneously. The processing system's role as an intermediary ensures that identity provisioning remains centralized and controlled, while registration functions operate independently, improving scalability and security.

Claim 11

Original Legal Text

11. The method of claim 9, comprising: receiving, by the processing system, a device authentication response from the communication device; and forwarding, by the processing system, the device authentication response to the first registration function.

Plain English Translation

A system and method for secure device authentication in a communication network involves a processing system that facilitates authentication between a communication device and a registration function. The communication device initiates an authentication request, which the processing system receives and forwards to a first registration function. The registration function processes the request and generates an authentication response, which the processing system then receives and forwards back to the communication device. This method ensures secure and efficient authentication by acting as an intermediary, handling the exchange of authentication data between the device and the registration function. The processing system may also manage multiple registration functions, selecting the appropriate one based on the device's identity or other criteria. The authentication process may involve cryptographic protocols, such as digital signatures or key exchanges, to verify the device's identity and establish a secure communication channel. This approach enhances security by centralizing authentication handling, reducing the risk of unauthorized access or data interception. The system is particularly useful in networks where multiple devices need to authenticate with different registration functions, ensuring seamless and secure communication.

Claim 12

Original Legal Text

12. The method of claim 9, comprising: receiving, by the processing system, a registration confirmation from the first registration function; and forwarding, by the processing system, the registration confirmation to the communication device.

Plain English Translation

This invention relates to a method for managing device registration in a communication system. The problem addressed is ensuring reliable and secure confirmation of device registration between a processing system and a communication device. The method involves a processing system that receives a registration confirmation from a first registration function, which is responsible for authenticating and registering the communication device. After receiving this confirmation, the processing system forwards it to the communication device, ensuring that the device is properly registered and can proceed with communication operations. The first registration function may involve verifying the device's identity, credentials, or other registration parameters before issuing the confirmation. This method ensures that the communication device receives timely and accurate registration status updates, reducing errors and improving system reliability. The processing system acts as an intermediary, facilitating secure and efficient communication between the registration function and the device. This approach is particularly useful in systems where multiple devices need to be registered and managed dynamically, such as in IoT networks or telecommunication systems. The method enhances security by ensuring that only properly authenticated devices receive registration confirmations, preventing unauthorized access.

Claim 13

Original Legal Text

13. The method of claim 9, wherein the identity provisioning function provisions the communication device with an IMSI, a plurality of device profiles, and a plurality of secret keys, and provides instructions to the communication device to associate each of the plurality of device profiles with the IMSI, and wherein the each of the plurality of secret keys are associated with each of the plurality of device profiles.

Plain English Translation

A method for managing communication device identities in a wireless network involves provisioning a communication device with an International Mobile Subscriber Identity (IMSI) and multiple device profiles. Each profile is linked to the IMSI, and a corresponding secret key is assigned to each profile. The provisioning function ensures secure and flexible identity management by associating the IMSI with multiple profiles, allowing the device to switch between different operational configurations while maintaining authentication security. This approach enables dynamic adaptation to varying network requirements or security policies without requiring hardware changes. The method supports scenarios where a single device operates under different identities or security contexts, enhancing versatility in deployment. The provisioning process includes distributing the IMSI, profiles, and keys to the device, along with instructions for their association, ensuring seamless integration into the network infrastructure. This solution addresses the need for scalable and secure identity management in wireless communications, particularly in environments requiring multi-profile support.

Claim 14

Original Legal Text

14. The method of claim 9, wherein the identity provisioning function provisions each of the plurality of registration functions with an IMSI provisioned on the communication device and one of a plurality of secret keys.

Plain English Translation

In the domain of mobile communication systems, particularly in the context of subscriber identity management, a method addresses the challenge of securely provisioning multiple registration functions with unique identity credentials. The method involves a central identity provisioning function that assigns a unique International Mobile Subscriber Identity (IMSI) and a corresponding secret key to each of several registration functions. The IMSI is provisioned on a communication device, ensuring that each registration function operates with distinct authentication credentials. This approach enhances security by isolating identity credentials across different registration functions, reducing the risk of unauthorized access or credential compromise. The provisioning process ensures that each registration function can securely authenticate with the network using its assigned IMSI and secret key, while maintaining the integrity and confidentiality of subscriber identity data. This method is particularly useful in scenarios where multiple registration functions must coexist on a single device or network, such as in multi-SIM or virtualized network environments. The use of unique IMSI and key pairs for each function prevents cross-function credential leakage and strengthens overall system security.

Claim 15

Original Legal Text

15. The method of claim 9, wherein the first registration function receives a first secret key of a plurality of secret keys, wherein the first registration function generated a first authentication response based on the first secret key.

Plain English Translation

This invention relates to a secure authentication system using multiple secret keys for generating authentication responses. The system addresses the need for enhanced security in authentication processes by employing a registration function that receives a secret key from a plurality of secret keys. The registration function generates an authentication response based on the received secret key, ensuring that the authentication process is both secure and verifiable. The system likely involves a method for securely storing and managing these secret keys, as well as a mechanism for validating the generated authentication responses to prevent unauthorized access. The use of multiple secret keys allows for flexible and robust authentication, where different keys can be used for different purposes or under different security contexts. This approach enhances security by reducing the risk of key compromise and providing multiple layers of authentication. The system may also include additional functions for key management, such as key generation, distribution, and revocation, to maintain the integrity and security of the authentication process. The overall goal is to provide a secure and efficient method for authenticating users or devices in a manner that is resistant to common attack vectors.

Claim 16

Original Legal Text

16. The method of claim 15, wherein the communication device enables the first device profile, wherein the communication device selects the first secret key of the plurality of secret keys according to the first device profile, wherein the communication device generates a device authentication response based on the first secret key, and wherein the communication device sends the device authentication response to the first registration function.

Plain English Translation

This invention relates to secure device authentication in communication networks, particularly for enabling and managing device profiles with associated secret keys. The problem addressed is ensuring secure and flexible authentication of communication devices, where different device profiles may require distinct authentication processes. The method involves a communication device that enables a first device profile, which defines specific operational or security parameters for the device. The communication device then selects a first secret key from a plurality of stored secret keys based on the enabled device profile. Using this secret key, the device generates a device authentication response, which is a cryptographic proof of its identity. The authentication response is sent to a first registration function, which verifies the device's legitimacy. This approach allows dynamic switching between different authentication mechanisms by selecting appropriate secret keys for different device profiles, enhancing security and adaptability in network communications. The method ensures that only authorized devices with valid secret keys can authenticate, preventing unauthorized access. The system supports multiple device profiles and corresponding secret keys, enabling flexible and secure authentication processes tailored to different operational contexts.
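The matching step of claims 1, 2 and 5 together with the device-side key selection of claim 16, as an added example that is not code from the patent: one IMSI, one secret key per device profile, and the profile identified by which generated response the device's answer matches. Assumptions not found in the claims: HMAC-SHA256 stands in for the unnamed authentication algorithm, the network issues a single-use random challenge, and every class, function, profile name, IMSI and key value is constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Dict, Optional

RES_LEN = 8  # response length in bytes (assumption; the claims give no size)


def auth_response(secret_key: bytes, imsi: str, challenge: bytes) -> bytes:
    """Stand-in for the authentication algorithm (assumption: truncated
    HMAC-SHA256; the claims do not name an algorithm)."""
    mac = hmac.new(secret_key, imsi.encode() + challenge, hashlib.sha256)
    return mac.digest()[:RES_LEN]


class Device:
    """Communication device provisioned with one IMSI and a key per profile."""

    def __init__(self, imsi: str, profile_keys: Dict[str, bytes]):
        self.imsi = imsi
        self._keys = dict(profile_keys)
        self.enabled: Optional[str] = None

    def enable(self, profile: str) -> None:
        if profile not in self._keys:
            raise KeyError(f"profile not provisioned: {profile}")
        self.enabled = profile

    def respond(self, challenge: bytes) -> bytes:
        # Claim 16: the secret key is selected according to the enabled profile.
        if self.enabled is None:
            raise RuntimeError("no profile enabled")
        return auth_response(self._keys[self.enabled], self.imsi, challenge)


class Registrar:
    """Network side: compares the device response with one generated response
    per secret key and maps the single match to a device profile."""

    def __init__(self, imsi: str, profile_keys: Dict[str, bytes],
                 notify_server: Callable[[str, str], None]):
        if len(set(profile_keys.values())) != len(profile_keys):
            raise ValueError("two profiles share a key; a match would be ambiguous")
        self.imsi = imsi
        self._keys = dict(profile_keys)
        self._notify = notify_server
        self._pending = set()

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self._pending.add(challenge)
        return challenge

    def register(self, challenge: bytes, device_response: bytes) -> Optional[str]:
        # A challenge is accepted once, so a captured response cannot be replayed.
        if challenge not in self._pending:
            return None
        self._pending.discard(challenge)
        matches = []
        for profile, key in self._keys.items():
            expected = auth_response(key, self.imsi, challenge)
            # Constant-time compare and no early exit: timing should not reveal
            # which profile matched or how many bytes agreed.
            if hmac.compare_digest(expected, device_response):
                matches.append(profile)
        if len(matches) != 1:  # no match, or a truncation collision: reject
            return None
        self._notify(self.imsi, matches[0])
        return matches[0]


def demo():
    imsi = "001010123456789"  # constructed IMSI
    keys = {"work": bytes(range(16)), "personal": bytes(range(16, 32))}  # constructed keys
    notified = []
    registrar = Registrar(imsi, keys, lambda i, p: notified.append((i, p)))
    device = Device(imsi, keys)
    device.enable("personal")

    c1 = registrar.new_challenge()
    r1 = device.respond(c1)
    first = registrar.register(c1, r1)    # matches the "personal" key
    replay = registrar.register(c1, r1)   # same challenge again: rejected

    c2 = registrar.new_challenge()
    forged = auth_response(b"\xff" * 16, imsi, c2)  # key of no provisioned profile
    unknown = registrar.register(c2, forged)
    return first, replay, unknown, notified


if __name__ == "__main__":
    print(demo())
```

Because the profile is inferred purely from which key produced the response, the keys must be distinct per profile and a response that matches none of them must be treated as a failed registration, not mapped to a default profile.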

Claim 17

Original Legal Text

17. A non-transitory machine-readable storage medium, comprising executable instruction that, when executed by a processing system including a processor, facilitate performance of operations, comprising: receiving a registration request from a communication device, wherein the registration request includes a device authentication response; identifying a first device profile according to the device authentication response and a first generated authentication response from a plurality of generated authentication responses; and notifying a server to provide services to the communication device according to the first device profile.

Plain English Translation

This invention relates to secure device authentication and service provisioning in communication networks. The problem addressed is the need for efficient and reliable authentication of communication devices to enable personalized service delivery based on device-specific profiles. The system involves a non-transitory machine-readable storage medium containing executable instructions that, when executed by a processing system, perform authentication and service provisioning operations. Upon receiving a registration request from a communication device, the system extracts a device authentication response included in the request. The system then compares this response against a plurality of pre-generated authentication responses to identify a matching first device profile. Once the correct profile is identified, the system notifies a server to provide services tailored to the communication device according to the first device profile. The authentication process ensures that only authorized devices receive services, while the profile-based service provisioning enables customized service delivery. This approach enhances security and improves user experience by dynamically adapting services to the authenticated device's characteristics and requirements. The system is particularly useful in environments where multiple devices with different capabilities and configurations need secure access to network services.

Claim 18

Original Legal Text

18. The non-transitory machine-readable storage medium of claim 17, receiving an international mobile subscriber identity (IMSI) and a generated authentication response for each of a plurality of secret keys resulting in the plurality of generated authentication responses.

Plain English Translation

This invention relates to a system for securely managing authentication in mobile communication networks, specifically addressing the challenge of verifying subscriber identities using multiple secret keys. The system involves a non-transitory machine-readable storage medium that stores instructions for receiving an International Mobile Subscriber Identity (IMSI) and generating authentication responses for each of a plurality of secret keys. The process involves processing the IMSI and each secret key to produce a corresponding authentication response, ensuring that multiple authentication responses are generated for the same IMSI. This approach enhances security by allowing the network to verify the subscriber's identity using different keys, reducing the risk of unauthorized access. The system may also include additional steps such as validating the received IMSI, selecting appropriate secret keys, and securely storing or transmitting the generated authentication responses. The invention is particularly useful in scenarios where multiple authentication factors are required, such as in 5G networks or other advanced mobile communication systems. The use of multiple secret keys improves resilience against attacks like IMSI catching or cloning, ensuring robust subscriber authentication.

Claim 19

Original Legal Text

19. The non-transitory machine-readable storage medium of claim 17, associating each of the plurality of generated authentication responses with each of a plurality of device profiles.

Plain English Translation

A system for managing authentication responses in a networked environment involves generating multiple authentication responses for a user or device and associating each response with specific device profiles. The device profiles define characteristics such as device type, network conditions, or security policies. The system dynamically selects an appropriate authentication response based on the current device profile, ensuring compatibility and security. This approach addresses challenges in multi-device authentication, where different devices may require different authentication methods or parameters. By associating responses with profiles, the system streamlines authentication processes, reduces errors, and enhances security by ensuring responses align with device-specific requirements. The system may also include mechanisms to update or modify device profiles based on changes in network conditions or security policies, maintaining adaptability. The storage medium stores instructions for executing these processes, enabling efficient and secure authentication across diverse devices.

Claim 20

Original Legal Text

20. The non-transitory machine-readable storage medium of claim 17, wherein identifying the first device profile comprises: comparing the device authentication response to the each of the plurality of generated authentication responses; and identifying that the device authentication response matches the first generated authentication response, wherein the first generated authentication response is one of the plurality of generated authentication responses.

Plain English Translation

This invention relates to device authentication in a networked system, addressing the challenge of securely and accurately identifying devices based on their authentication responses. The system generates a plurality of authentication responses by simulating different device profiles, each representing a unique device configuration or behavior. When a device attempts to authenticate, the system compares its authentication response against the pre-generated responses to determine a match. The matching response corresponds to a specific device profile, enabling the system to identify the device and its associated characteristics. This approach enhances security by detecting anomalies or unauthorized devices that do not match any known profile. The method involves generating multiple authentication responses, receiving an authentication response from a device, and comparing the received response to the generated ones to identify the device profile. The system may also update or refine the generated responses over time to adapt to new device behaviors or security threats. This technique improves authentication accuracy and reduces the risk of false positives or negatives in device identification.
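The flow recited in claims 18 to 20, sketched as an added example that is not taken from the patent or from any operator's implementation. Assumptions: HMAC-SHA256 truncated to 8 bytes stands in for the unspecified authentication algorithm, a challenge value is part of the exchange, and all names, keys and profile labels are hypothetical.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample data: one IMSI provisioned with several secret keys,
# each key tied to a device profile (all values are hypothetical).
IMSI = "001010123456789"
KEYS_TO_PROFILES = {
    bytes.fromhex("00" * 15 + "01"): "smartphone",
    bytes.fromhex("00" * 15 + "02"): "tablet",
    bytes.fromhex("00" * 15 + "03"): "connected-car",
}


def auth_response(key: bytes, challenge: bytes) -> bytes:
    """Stand-in response function (assumption: the claims name no algorithm)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:8]


def generate_responses(challenge: bytes) -> list:
    """Claims 18-19: one generated response per secret key, paired with a profile."""
    return [(auth_response(k, challenge), p) for k, p in KEYS_TO_PROFILES.items()]


def identify_profile(device_response: bytes, generated: list) -> Optional[str]:
    """Claim 20: compare the device response to each generated response.
    Each comparison is constant-time and the loop never exits early, so
    timing does not reveal which entry (if any) matched."""
    matched = None
    for expected, profile in generated:
        if hmac.compare_digest(device_response, expected):
            matched = profile
    return matched


def register(imsi: str, challenge: bytes, device_response: bytes) -> dict:
    """Handle a registration request; reject when no generated response matches."""
    if imsi != IMSI:
        return {"imsi": imsi, "accepted": False, "profile": None}
    profile = identify_profile(device_response, generate_responses(challenge))
    return {"imsi": imsi, "accepted": profile is not None, "profile": profile}


if __name__ == "__main__":
    challenge = bytes(range(16))  # constructed challenge value
    good = auth_response(bytes.fromhex("00" * 15 + "02"), challenge)
    print(register(IMSI, challenge, good))         # accepted, profile "tablet"
    print(register(IMSI, challenge, b"\x00" * 4))  # rejected, no profile
```

A response that matches none of the generated responses yields no profile, so the registration is rejected rather than falling back to a default profile.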

Patent Metadata

Filing Date

Unknown

Publication Date

September 22, 2020

Inventors

Walter Cooper Chastain
Stephen Emille Chin


Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “METHOD AND APPARATUS FOR USING MOBILE SUBSCRIBER IDENTIFICATION INFORMATION FOR MULTIPLE DEVICE PROFILES FOR A DEVICE” (10785638). https://patentable.app/patents/10785638
